OREANDA-NEWS. May 19, 2009. Companies in the technology, media and telecommunications industries (TMT) significantly reduced investment in security spending in 2008, according to a new survey from Deloitte Touche Tohmatsu. The third edition of the Deloitte Global TMT Security Survey reveals that 32 percent of respondents reduced their information security budgets, while 60 percent of respondents believe they are “falling behind” or still “catching up” to their security threats – a significant increase from 49 percent over the previous year, reported the press-centre of Deloitte.

“Information and intellectual property protection is at the heart of the activities of any global Technology, Media and Telecommunications (TMT) company,” – notes Olga Tabakova, a partner at Deloitte CIS and the Head of the TMT group there. “In CIS countries, the CEOs of such companies are increasingly focused on the level of information security, which is highlighted by the annual increase in the number of our survey’s participants. Thus, the CEOs of companies such as VimpelCom, MTS, Yandex, Astelit, Aztelecom, Azercell and Astel were engaged in the Deloitte Survey from CIS this year.”

With the proliferation of digitized assets, security should claim a significant portion of a company’s overall IT budget. However, only 6 percent of respondents allocate 7 percent or more of their total budget to IT security. This year represents a significant decline from the previous edition of the survey, which showed that 36 percent of the respondents allocated 7 percent or more of their budget to IT security.

The survey also indicates that declining security investment is hindering adoption of new security technologies, with only 53 percent of respondents considering their organizations to be early adopters, or part of the early majority, down from 67 percent in 2007. Companies are focusing more effort on optimizing solutions that are already in place rather than investing in cutting-edge technology that can be capitalized upon during economic recovery.

“Popular instant messaging services and social networks lead not only to information leakage, but also have, in most cases, a negative impact on staff performance. Information Security plays a vital role in ensuring the correct use of this kind of information exchange,” noted Denis Lipov, a senior manager at Deloitte CIS.

Social Networking Adds to the List of Insider Threats
While social networks such as Facebook, MySpace and Twitter, and blogs can be powerful enablers, they also increase organizations’ internal security challenges. In today’s connected world, insider threats are greater than ever. Survey results show that “exploitation of vulnerabilities in web 2.0 technologies” and “social engineering” techniques such as pretexting and phishing are regarded as a threat to a company’s information security, with 83 percent and 80 percent of respondents respectively.

Furthermore, generational differences have a major influence on perceptions of privacy. Information sharing for the youngest generation of TMT workers can test the limits of traditional privacy laws. In contrast, older generations have a different perspective on privacy. Survey respondents recognize this issue, with 56 percent rating “cultural interpretations” as an “average” to “very high” threat to their information security.

The survey also cites that with new vulnerabilities constantly emerging, TMT companies are less confident in their ability to deal with internal security risks. This year, only 28 percent of respondents rate themselves as “very confident” or “extremely confident” with regard to internal threats, down from 51 percent in 2007. Forty-one percent of respondents experienced at least one internal security breach in the past 12 months.

Additionally, companies do not have the necessary resources in place to cope with emerging network vulnerabilities. Only 47 percent of those surveyed currently have a privacy program in place, and only 44 percent have an executive responsible for privacy – the latter down from 50 percent a year earlier. This aligns with the fact that many TMT companies do not have a program for managing privacy compliance (33 percent), a written privacy policy (28 percent), nor a formal directive with respect to the destruction of personal information (28 percent).

Mr. Lipov also noted that “as affected by statutory requirements, companies are placing greater emphasis on personal data protection in connection with both employees and clients. Ensuring the efficiency of business processes, along with processed personal data security and regulatory compliance, is fast becoming one of the most important issues for the Firm’s management”.

Regulatory Issues Are Moving to the Forefront
TMT companies face a myriad of rules and regulations that relate to information security and strict compliance is critical, particularly in a tough economy. Failure to comply can expose a company to hefty fines and significant liability. However, compliance with rules and regulations may not be sufficient for TMT companies to mitigate their information security risks. Over 67 percent of respondents say that regulatory security requirements are at best “somewhat effective” for improving their information security posture. A majority (57 percent) of respondents believe that effectively meeting regulatory requirements is either inadequately funded or missing senior executive support.